Startup problem with ldap

Massimo Meregalli maxmere at ml.mbox.it
Mon Nov 5 21:50:38 CET 2007


Hi,
	I made some more tests on this topic and I've found the following:

	1) I get the same problem with the fresh configuration files as
installed by freeradius 1.1.7. This time I'd expect the server say it
can't contact "ldap.your.domain" instead it will stop like when started
with my configuration file. The ps command say the server is stopped in
the "futex_wait" before generating threads (the ps -eLf command report
only one thread). 

	2) The problem starts only when the ldap module is activated, no matter
if the module is configured in authorize or in authentication section.

	3) I've tried to start the server with uid = gid = root (to prevent uid
change) but I'got the same results. 

	4) Doing su - radiusd ; radiusd -X doesn't produce output differences
compared to when the server i started by root, all the things is working
fine.


Regards,

Massimo Meregalli


On Sat, 2007-11-03 at 14:37 +0100, Massimo Meregalli wrote:
> The server is configured to run as radiusd/radiusd and the configuration
> directory (/etc/raddb) as well as the log directory (/var/log/radiusd)
> are owned by radiusd with rwx permission for the owner, as all the files
> included in these directory.
> 
> I've tried to su - radiusd an then launch the server but I got the same
> result as before, if the server tries to put itself into backgroud  than
> the child never became ready to process requests.
> 
> What seems to be strange is that if the LDAP module is commented out
> from the configuration file then the server is working fine (with an
> entry from the users file).
> 
> I've also tried to change the ldap module (rlm_ldap) with the one of the
> version 1.1.3 (As I've red from the mailing list) with no luck.
> 
> The configuration I'm testing came from an installation of freeradius
> 1.1.3 that works fine.
> 
> Thanks
> 
> Massimo Meregalli
> 
> 
> On Fri, 2007-11-02 at 14:19 +0100, Alan DeKok wrote:
> > Massimo Meregalli wrote:
> > >                 If the server is started with radiusd -X or radiusd -s
> > >         all is fine and
> > >         the requests get answered correctly.
> > 
> >   Because it doesn't change uid's.
> > 
> > >                 If the server is started with radiusd -y it doesn't
> > >         statup correctly.
> > 
> >   You have likely edited the "user=" and/or "group=" lines in
> > radiusd.conf to set it to run as a non-root user.  You have then made
> > the configuration files so that the non-root user doesn't have
> > permission to read them.
> > 
> >   As root, do "su user", to the user you have configured.  Then run
> > "radiusd -X", and you will likely see more output as to what's going wrong.
> > 
> >   Alan DeKok.
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list